Debian Long Term Support / LTS Security Information / 2017 / Security Information -- DLA-959-1 libical

Debian Security Advisory

DLA-959-1 libical -- LTS security update

Date Reported:

28 May 2017

Affected Packages:

libical

Vulnerable:

Yes

Security database references:

In Mitre's CVE dictionary: CVE-2016-5824, CVE-2016-9584.

More information:

It was discovered that there was a use-after-free vulnerability in the libical iCalendar library. Remote attackers could cause a denial of service and possibly read heap memory via a specially crafted .ICS file.

For Debian 7 Wheezy, this issue has been fixed in libical version 0.48-2+deb7u1.

We recommend that you upgrade your libical packages.